CERT-RMM Capability Appraisals

A CERT-RMM appraisal is used to objectively review an organization against the model's processes and practices. It can be used internally to improve the organization's processes for managing operational resilience, or it can be applied externally to determine the capability of a third-party organization (e.g., business partner, supplier). Either way, the appraisal provides a foundation for long-term process improvement.

Unlike assessments, audits, or evaluations in the security, business continuity, or IT domains, the CERT-RMM appraisal helps an organization understand its level of capability through an examination of process maturity. In other words, it determines not only whether an organization is doing the right things right now, but whether it is capable of sustaining an acceptable level of performance during times of stress and over the long run.

A CERT-RMM appraisal provides insight into

current state of the organization's processes for managing operational resilience

the organization's process strengths and weaknesses

opportunities for improvement relative to the CERT-RMM

potential value of improvements

ways to prioritize improvement activities

The appraisal is performed by SEI-authorized appraisers who are trained in CERT-RMM and its appraisal methodology. How involved the organization's personnel will be in the appraisal depends on the appraisal's scope.

To learn more about CERT-RMM appraisals, see our CERT-RMM Appraisal FAQ. To arrange for a CERT Division appraiser to perform a CERT-RMM appraisal in your organization contact us.

Take the Next Step

Learn more about CERT-RMM appraisals, become a licensed CERT-RMM appraiser, or arrange for CERT staff to perform a CERT-RMM appraisal in your organization.

Recommended Resources

Related Areas of Work

The CERT approach to cybersecurity workforce development builds knowledge, skills, and experience in a continuous cycle of professional development. We offer comprehensive, targeted, and cost-effective training options that can be tailored to the needs of your organization.